This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

Spring Security - Custom UserDetailsService

I’m new to Spring Security, but I've been playing around with the latest Spring BlazeDS Integration Project and seem to have things working (Login/Logout).

However instead of retrieving my user details from an xml file (like the example in the testdrive), I wanted to get them from a db.

I achieved this by creating a custom UserDetailsService and extendeding org.springframework.security.userdetails.User, which should allow me to return my own User Object with extra parameters (e.g. firstname, lastname).

In my client side application (on successful login) an Object with two parameters is returned:
– authorities (Array)
– name (String - which is the username)

I'm expecting more properties. Below is a snippet of my custom UserDetailsService:

I believe the Spring Security interfaces will eventually want such an object (it's been a while since I've worked with Spring Security). Essentially, for authentication what it will want is users and their authorities (= roles). Security doesn't care about much more than that.

Spring Security doesn't take responsibility for doing basic CRUD/data access tasks, so you shouldn't try to use it to populate a User object. It just wants to make sure that users can be authenticated, and when they do, that their roles (= authorities) are retrieved and stored in the security context.

If you want to get a fully populated user object, I think you'll have to do that yourself. A good time to do this is when authentication was successful. Make sure you keep the security reference guide around, it's pretty good.